Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
gsbeaton
Luminary Alumni
Luminary Alumni

QS Enterprise on Amazon EKS fails at authentication stage

Hi folks,

I'm running QS Enterprise on EKS.  No issues with install and all pods report they are running correctly.

However, when I try to connect via a web browser, I get stuck at http://elastic.example:32123/auth?client_id=foo&scope=openid%20profile&response_type=code&state=eyJh.......

I've opened the relevant ports to the cluster, but on looking at the log files, it appears there is an issue with the ingress controller communicating with the other node in the cluster.  I'm not sure if this is a red herring, but it's as far as I've got.  Any suggestions?

 

image.png

Labels (4)
3 Replies
ThiebaudS
Partner - Creator II
Partner - Creator II

Hi there,

Why are you using elastic.example:32123 to access your EKS deployment ?

This URL is supposed to be used only when you deploy qliksense locally on a minikube cluster.

 

If you deploy to EKS, you should access your qliksense deployment using the ingress load balancer URL.

Just type "kubectl describe svc qliksense-nginx-ingress-controller | grep LoadBalancer", and you will get the AWS public URL of your loadbalancer.

You should then create a DNS CNAME to point your custom domain to this AWS URL.

 

Best regards,

Thiébaud

gsbeaton
Luminary Alumni
Luminary Alumni
Author

Hi Thiébaud

We're using the elastic.example alias mostly because we are following the documentation which suggests a basic IDP at elastic.example:32123 is configured out of the box.  We've put this work on hold until Qlik update their documentation.

Best regards

George

ThiebaudS
Partner - Creator II
Partner - Creator II

Hi,

When you say that you "get stuck at http://elastic.example:32123....." what happen exactly ?

In my opinion, the internal IdP is not supposed to be used when not using a local Kubernetes cluster, because even if you point "elastic.example" to your AWS deployment, the port 32123 will not be publicly accessible.

You should take a look at Auth0 for the IdP, as it's free and easy to set up.

In my case I'm using EKS, Auth0, and Atlas MongoDB.

Best regards,